Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-11-2024 19:17
General
-
Target
e486e9a4f70928a10a6a35fd90f36cfc4880f89d4ec07ca16865a62bf6d56105.exe
-
Size
50KB
-
MD5
5b8fcc61f01923defa64b4cb5a1e076b
-
SHA1
c230a9f733d13a4a866891abe71c9b1a607d33b1
-
SHA256
e486e9a4f70928a10a6a35fd90f36cfc4880f89d4ec07ca16865a62bf6d56105
-
SHA512
e137519deaf1b5214d440f7c6e645aef952a3cae18d23c6c5583b3c65502de53d24bd796c6a97dd1cc8f8c0b5e35af0073581fa79ef720b1280fe6f326b14ea0
-
SSDEEP
1536:LvQBeOGtrYS3srx93UBWfwC6Ggnouy8g5Uhub:LhOmTsF93UYfwC6GIoutg5Uha
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e486e9a4f70928a10a6a35fd90f36cfc4880f89d4ec07ca16865a62bf6d56105.exe"C:\Users\Admin\AppData\Local\Temp\e486e9a4f70928a10a6a35fd90f36cfc4880f89d4ec07ca16865a62bf6d56105.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbntb.exec:\7hbntb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdpd.exec:\vjdpd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddpp.exec:\pddpp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrfrr.exec:\xrrrfrr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhtnh.exec:\thhtnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdp.exec:\djjdp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrflfx.exec:\xrrflfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhhh.exec:\hbhhhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pppd.exec:\7pppd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvp.exec:\pddvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflfrx.exec:\rlflfrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tnhbt.exec:\3tnhbt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ppdd.exec:\3ppdd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jpjv.exec:\1jpjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxfxx.exec:\frfxfxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvp.exec:\vvdvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrfrlf.exec:\lfrfrlf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhtnh.exec:\nnhtnh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdpd.exec:\vjdpd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvp.exec:\jpvvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfflflr.exec:\rfflflr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ntbtb.exec:\9ntbtb.exe23⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe24⤵
- Executes dropped EXE
-
\??\c:\jjjjj.exec:\jjjjj.exe25⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe26⤵
- Executes dropped EXE
-
\??\c:\bnbnhb.exec:\bnbnhb.exe27⤵
- Executes dropped EXE
-
\??\c:\jjjdj.exec:\jjjdj.exe28⤵
- Executes dropped EXE
-
\??\c:\rfxlflr.exec:\rfxlflr.exe29⤵
- Executes dropped EXE
-
\??\c:\fxrxrll.exec:\fxrxrll.exe30⤵
- Executes dropped EXE
-
\??\c:\hhttbt.exec:\hhttbt.exe31⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe32⤵
- Executes dropped EXE
-
\??\c:\rxxrfxx.exec:\rxxrfxx.exe33⤵
- Executes dropped EXE
-
\??\c:\7xrrfff.exec:\7xrrfff.exe34⤵
- Executes dropped EXE
-
\??\c:\7tttnn.exec:\7tttnn.exe35⤵
- Executes dropped EXE
-
\??\c:\7vddd.exec:\7vddd.exe36⤵
- Executes dropped EXE
-
\??\c:\xrrlxfx.exec:\xrrlxfx.exe37⤵
- Executes dropped EXE
-
\??\c:\1rrxrlx.exec:\1rrxrlx.exe38⤵
- Executes dropped EXE
-
\??\c:\5ntntn.exec:\5ntntn.exe39⤵
- Executes dropped EXE
-
\??\c:\vdjvv.exec:\vdjvv.exe40⤵
- Executes dropped EXE
-
\??\c:\llfxrlf.exec:\llfxrlf.exe41⤵
- Executes dropped EXE
-
\??\c:\xlrllff.exec:\xlrllff.exe42⤵
- Executes dropped EXE
-
\??\c:\htnhbt.exec:\htnhbt.exe43⤵
- Executes dropped EXE
-
\??\c:\7ppjv.exec:\7ppjv.exe44⤵
- Executes dropped EXE
-
\??\c:\7pjdd.exec:\7pjdd.exe45⤵
- Executes dropped EXE
-
\??\c:\rrfxxrl.exec:\rrfxxrl.exe46⤵
- Executes dropped EXE
-
\??\c:\5thbbb.exec:\5thbbb.exe47⤵
- Executes dropped EXE
-
\??\c:\pjpvp.exec:\pjpvp.exe48⤵
- Executes dropped EXE
-
\??\c:\7flllll.exec:\7flllll.exe49⤵
- Executes dropped EXE
-
\??\c:\9xflxrr.exec:\9xflxrr.exe50⤵
- Executes dropped EXE
-
\??\c:\5tnnnn.exec:\5tnnnn.exe51⤵
- Executes dropped EXE
-
\??\c:\bttnnn.exec:\bttnnn.exe52⤵
- Executes dropped EXE
-
\??\c:\1pjjd.exec:\1pjjd.exe53⤵
- Executes dropped EXE
-
\??\c:\3ppjj.exec:\3ppjj.exe54⤵
- Executes dropped EXE
-
\??\c:\lxffxff.exec:\lxffxff.exe55⤵
- Executes dropped EXE
-
\??\c:\xrlrxfl.exec:\xrlrxfl.exe56⤵
- Executes dropped EXE
-
\??\c:\thnhbb.exec:\thnhbb.exe57⤵
- Executes dropped EXE
-
\??\c:\1vddp.exec:\1vddp.exe58⤵
- Executes dropped EXE
-
\??\c:\jpdvp.exec:\jpdvp.exe59⤵
- Executes dropped EXE
-
\??\c:\llllfll.exec:\llllfll.exe60⤵
- Executes dropped EXE
-
\??\c:\thbnhb.exec:\thbnhb.exe61⤵
- Executes dropped EXE
-
\??\c:\7tthnb.exec:\7tthnb.exe62⤵
- Executes dropped EXE
-
\??\c:\jvjjd.exec:\jvjjd.exe63⤵
- Executes dropped EXE
-
\??\c:\jpjdp.exec:\jpjdp.exe64⤵
- Executes dropped EXE
-
\??\c:\3xfffll.exec:\3xfffll.exe65⤵
- Executes dropped EXE
-
\??\c:\htthhh.exec:\htthhh.exe66⤵
-
\??\c:\hhhbtb.exec:\hhhbtb.exe67⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe68⤵
-
\??\c:\djvjp.exec:\djvjp.exe69⤵
-
\??\c:\5xxxxxx.exec:\5xxxxxx.exe70⤵
-
\??\c:\5ntnnn.exec:\5ntnnn.exe71⤵
-
\??\c:\xrrrrfl.exec:\xrrrrfl.exe72⤵
-
\??\c:\9lllfff.exec:\9lllfff.exe73⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe74⤵
-
\??\c:\hbbnnb.exec:\hbbnnb.exe75⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe76⤵
-
\??\c:\rfflxxf.exec:\rfflxxf.exe77⤵
-
\??\c:\hhnnhn.exec:\hhnnhn.exe78⤵
-
\??\c:\9hnhbh.exec:\9hnhbh.exe79⤵
-
\??\c:\vdddd.exec:\vdddd.exe80⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe81⤵
-
\??\c:\7lrrffr.exec:\7lrrffr.exe82⤵
-
\??\c:\tbhbtn.exec:\tbhbtn.exe83⤵
-
\??\c:\3jpjd.exec:\3jpjd.exe84⤵
-
\??\c:\fxlfllx.exec:\fxlfllx.exe85⤵
-
\??\c:\7lrrxxr.exec:\7lrrxxr.exe86⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe87⤵
-
\??\c:\9vdvj.exec:\9vdvj.exe88⤵
-
\??\c:\7lffrlf.exec:\7lffrlf.exe89⤵
-
\??\c:\tbthht.exec:\tbthht.exe90⤵
-
\??\c:\vdjvv.exec:\vdjvv.exe91⤵
-
\??\c:\ppppp.exec:\ppppp.exe92⤵
-
\??\c:\lfffrxx.exec:\lfffrxx.exe93⤵
-
\??\c:\5xflllr.exec:\5xflllr.exe94⤵
-
\??\c:\tbttnn.exec:\tbttnn.exe95⤵
-
\??\c:\ttnnhh.exec:\ttnnhh.exe96⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe97⤵
-
\??\c:\lflxxff.exec:\lflxxff.exe98⤵
-
\??\c:\lfffxff.exec:\lfffxff.exe99⤵
-
\??\c:\ttbbhh.exec:\ttbbhh.exe100⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe101⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe102⤵
-
\??\c:\jpjdp.exec:\jpjdp.exe103⤵
-
\??\c:\lfxxrrr.exec:\lfxxrrr.exe104⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe105⤵
-
\??\c:\nhnhhn.exec:\nhnhhn.exe106⤵
-
\??\c:\vppjd.exec:\vppjd.exe107⤵
-
\??\c:\7jpvj.exec:\7jpvj.exe108⤵
-
\??\c:\djjjd.exec:\djjjd.exe109⤵
-
\??\c:\1frlffx.exec:\1frlffx.exe110⤵
-
\??\c:\hhnbbt.exec:\hhnbbt.exe111⤵
-
\??\c:\hthnhh.exec:\hthnhh.exe112⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe113⤵
-
\??\c:\7xlfffl.exec:\7xlfffl.exe114⤵
-
\??\c:\9rxffff.exec:\9rxffff.exe115⤵
-
\??\c:\hbhnhh.exec:\hbhnhh.exe116⤵
-
\??\c:\hbnhhn.exec:\hbnhhn.exe117⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe118⤵
-
\??\c:\3fxlxll.exec:\3fxlxll.exe119⤵
-
\??\c:\9xxrrxr.exec:\9xxrrxr.exe120⤵
-
\??\c:\bhnhnn.exec:\bhnhnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-